Take a look at www.sans.org There is a blurb about ms sql servers that might be relevant.
>>>RWT Dale Mirenda wrote: > on 10/14/02 3:09 PM, [EMAIL PROTECTED] at > [EMAIL PROTECTED] wrote: > > >>port 1433.. isn't that Citrix or more specifically the ICA >>protocol. Or was it VNC... >> >>joey >> > > Not Citrix: that's 1494... > > Dale Mirenda > > >> >>On Mon, 14 Oct 2002 23:29:42 +0200 >>Jon Clausen <[EMAIL PROTECTED]> wrote: >> >>>Logged into a remote Dachstein box to check up on >>>something else, and I >>>see huge amounts of denied packets in >>>/var/log/messages... >>> >>>Connection attempts from f.x: >>> >>>10.131.224.1:3 -> 62.243.222.62:1 >>>^^unknown^^ ^^my remote^^ >>> >>>I see a bunch of these from different IPs (that is, from >>>port 3 to port >>>1)... dunno what to make of that, but then there's this >>>guy: >>> >>># grep 65.82.107.120 $_ | nl >>>1 Oct 14 15:05:56 skilderhus kernel: Packet log: >>>input DENY eth0 >>>PROTO=1 65.82.107.120:5 62.243.222.62:0 L=56 S=0x00 >>>I=5685 F=0x0000 T=45 >>>(#2) >>> >>><continues in 'bursts' to:> >>>... >>> >>>164 Oct 14 15:06:07 skilderhus kernel: Packet log: >>>input DENY eth0 >>>PROTO=1 65.82.107.120:5 62.243.222.62:0 L=56 S=0x00 >>>I=5866 F=0x0000 T=45 >>>(#2) >>> >>>is this some kind of DoS? Am I under attack, or is it >>>just some >>>misconfigured box? >>> >>>I nmapped the IP, and the only thing that came up was: >>>Port State Service >>>1433/tcp open ms-sql-s >>> >>>-so I'm guessing it's a zombie windows host... (?) >>> >>>TIA >>> >>>Jon Clausen >>> >>> >>>------------------------------------------------------- >>>This sf.net email is sponsored by:ThinkGeek >>>Welcome to geek heaven. >>>http://thinkgeek.com/sf >>> >>> >>------------------------------------------------------------------------ >> >>>leaf-user mailing list: [EMAIL PROTECTED] >>>https://lists.sourceforge.net/lists/listinfo/leaf-user >>>SR FAQ: >>> >>> >>http://leaf-project.org/pub/doc/docmanager/docid_1891.html >> >> >> >>------------------------------------------------------- >>This sf.net email is sponsored by:ThinkGeek >>Welcome to geek heaven. >>http://thinkgeek.com/sf >>------------------------------------------------------------------------ >>leaf-user mailing list: [EMAIL PROTECTED] >>https://lists.sourceforge.net/lists/listinfo/leaf-user >>SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html >> >> > > > > > > > ------------------------------------------------------- > This sf.net email is sponsored by:ThinkGeek > Welcome to geek heaven. > http://thinkgeek.com/sf > ------------------------------------------------------------------------ > leaf-user mailing list: [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/leaf-user > SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html > ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
